NetServer Security element
The security section group contains three configuration sections related to domain- and operational security settings.
Warning
Do not change these values unless you are absolutely sure!
<Security>
  <ActiveDirectoryCredentialPlugin>
    <add key="Domain" value="" />
    <add key="Container" value="OU=,DC=,DC=" />
    <add key="User" value="" />
    <add key="Password" value="" />
  </ActiveDirectoryCredentialPlugin>
  <Cryptography>
    <add key="SymmetricKey" value="" />
    <add key="SymmetricIV" value="" />
    <add key="SymmetricSecret" value="" />
  </Cryptography>
  <Sentry>
    <add key="Ignore" value="false" />
  </Sentry>
  <SoPasswordCredentialPlugin>
    <add key="DisableUseExternalAssociate" value="false" />
    <add key="DisableUseInternalAssociate" value="false" />
    <add key="DisableUseSystemAssociate" value="false" />
  </SoPasswordCredentialPlugin>
</Security>
ActiveDirectoryCredentialPlugin
Configuration settings related to Active Directory domain.
Name | Description | Default |
---|---|---|
Container | The container on the store to use as the root of the context. Default container is used when nothing is provided. Leave it blank if you do not know. All queries are performed under this root. | |
DisableIntegration | Disable integration with Active Directory. | false |
Domain | Name of the domain for authentication. Default domain is used when nothing is provided. The name of the domain or server for System.DirectoryServices.AccountManagement.ContextType.Domain context types, the machine name for System.DirectoryServices.AccountManagement.ContextType.Machine context types, or the name of the server and port hosting the System.DirectoryServices.AccountManagement.ContextType.ApplicationDirectory instance. | |
Password | The user password used to connect to the store. | |
PriorityInternalAssociate | Priority of the plugin for internal associates. | |
User | The username used to connect to the store. It must be able to list and view users. If the username and password parameters are not configured, the default credentials of the current principal are used. Otherwise, both username and password must be configured, and the credentials they specify are used to connect to the store. |
Caution
To find and import Active Directory users, NetServer web services need to be in the Active Directory domain. This is why we recommend onsite deployment scenario 2 with a reverse proxy so you do not expose it to the DMZ.
Cryptography
Cryptography is used for encrypting and decrypting the user credentials and sessions.
Caution
Change any of these keys at your own peril.
Name | Description |
---|---|
SymmetricIV | The IV used in the Rijndael algorithm. |
SymmetricKey | The Key used in the Rijndael algorithm. |
SymmetricSecret | A secret phrase used as a signature. |
The SymmetricKey and the SymmetricIV are used in the Rijndael-based (System.Security.Cryptography.Rijndael) encryption and decryption methods. The SymmetricSecret is used to compute a hash code using the SHA256Managed classes (System.Security.Cryptography.SHA256Managed). The key-value pairs in the section are used in NetServer session suspend and session continue routines.
When a session is suspended, the SymmetricKey and the SymmetricIV are used to encrypt the session information, where the SymmetricSecret creates a hash code. Using a CryptoStream (System.Security.Cryptography.CryptoStream), the encrypted session data and the computed hash will be written to a MemoryStream (System.IO.MemoryStream) and returned as a Base64String for subsequent calls to a session's Continue method.
In SoSession.Continue, the SymmetricKey and the SymmetricIV will be used to decrypt the session data, and the SymmetricKey will be used to compute the hash code. The hash code generated by the session.Suspend method is checked against the hash code generated by the continue method to verify that the encrypted and decrypted information are the same and have not been tampered with.
The SymmetricKey and the SymmetricIV are generated values while the SymmetricSecret is a user-defined secret.
It is important to know that if your system is using a server cluster, these values should be identical on all cluster machines.
Sentry
Sentry configuration options.
Name | Description | Default |
---|---|---|
Ignore | Ignore the Sentry mechanism; everything will be allowed. | false |
SoPasswordCredentialPlugin
SuperOffice password credentials plugin options.
Name | Description | Default |
---|---|---|
DisableUseExternalAssociate | Disables SuperOffice password for External associates. | false |
DisableUseInternalAssociate | Disables SuperOffice password for Internal associates (normal users). | false |
DisableUseSystemAssociate | Disables SuperOffice password for System associates. | false |
PriorityInternalAssociate | Priority of the plugin for internal associates. |
See the NetServer Core reference for details about handling this programmatically.
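A configuration check for the settings described on this page, as an added example that is not SuperOffice code: it flags Sentry Ignore set to true, an ActiveDirectoryCredentialPlugin with only one of User and Password set, and cluster machines whose Cryptography values differ. The function names, machine names and sample values are assumptions constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

CRYPTO_KEYS = ("SymmetricKey", "SymmetricIV", "SymmetricSecret")

def section(root, name):
    """Return {key: value} for the <add> entries of one Security section."""
    node = next(root.iter(name), None)
    return {} if node is None else {a.get("key"): a.get("value", "") for a in node.findall("add")}

def audit_node(xml_text):
    """Return findings for one machine's <Security> element."""
    root, findings = ET.fromstring(xml_text), []
    if section(root, "Sentry").get("Ignore", "false").strip().lower() == "true":
        findings.append("Sentry/Ignore is true: everything is allowed")
    ad = section(root, "ActiveDirectoryCredentialPlugin")
    # The page requires User and Password to be configured together or not at all.
    if bool(ad.get("User")) != bool(ad.get("Password")):
        findings.append("ActiveDirectoryCredentialPlugin: set both User and Password, or neither")
    return findings

def crypto_fingerprint(xml_text):
    """Hash the three Cryptography values so machines can be compared without printing secrets."""
    crypto = section(ET.fromstring(xml_text), "Cryptography")
    joined = "\x00".join(crypto.get(k, "") for k in CRYPTO_KEYS)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()

def cluster_mismatches(configs):
    """configs maps machine name -> XML text; return machines that differ from the first one."""
    prints = {name: crypto_fingerprint(text) for name, text in configs.items()}
    reference = next(iter(prints.values()))
    return sorted(name for name, p in prints.items() if p != reference)

# Constructed sample input: placeholder values, not real keys or accounts.
NODE_A = """<Security>
  <ActiveDirectoryCredentialPlugin>
    <add key="User" value="svc-example" />
    <add key="Password" value="" />
  </ActiveDirectoryCredentialPlugin>
  <Cryptography>
    <add key="SymmetricKey" value="AAAA" />
    <add key="SymmetricIV" value="BBBB" />
    <add key="SymmetricSecret" value="CCCC" />
  </Cryptography>
  <Sentry><add key="Ignore" value="true" /></Sentry>
</Security>"""
NODE_B = NODE_A.replace("BBBB", "DDDD").replace('value="true"', 'value="false"')

if __name__ == "__main__":
    print(audit_node(NODE_A), cluster_mismatches({"web1": NODE_A, "web2": NODE_B}))
```

Comparing fingerprints rather than the raw values keeps the key, IV and secret out of audit output and logs.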